Sign up for our weekly security newsletter

Researcher Reveals Vulnerability Rated Critical for Opera Web-Browser

Jose A. Vazquez a security researcher recently disclosed a critical security flaw within the Opera Web-browser, which if exploited, could allow the injection of malware, stated esecurityplanet.com dated October 17, 2011.

Actually according to Vazquez, the flaw was first discovered in 2010 following which he soon informed the browser's creators while providing a POC (proof-of-concept). Nevertheless, he adds that Opera thought it okay to leave the flaw un-patched. H-online.com reported this on October 17, 2011.

Furthermore, as per Vazquez, Opera's creators probably tested the 10.6 exploit version he provided on the latest 11.x edition that may've resulted in the exploit's breakdown. Thereafter, rather than again contact Opera, Vazquez recently made a design for the exploit to adapt it to Opera's latest 11.51 edition, while publishing it like a Metasploit program, meaning that essentially anybody is now capable of abusing the flaw.

Moreover, Vazquez states that the vulnerability is the result of a memory error while treating Scalable Vector Graphics (SVG) matter inside framesets. Any computer can get infected with malware if the user is just made to access a compromised website, he adds.

Continuing further, he says that despite the experimental assaults having merely 3 successful ones from a total of 10, it is surely sufficient for a Web-hacker for exploiting the situation. Softpedia.com reported this on October 18, 2011.

Interestingly, the proportion in which the attacks are successful for the most recently-launched Opera's beta edition is still more, with six attempts from a total of ten leading to infection.

Meanwhile, the world, lately, was amazed of Opera getting to be the lone Web-browser that ran the Transport Layer Security (TLS) 1.1 and 1.2 that were the sole BEAST attack-free cryptographic protocols. BEAST is another POC, which disclosed vulnerabilities of high-risk while TLS 1.0 and Secure Sockets Layer (SSL) were in use.

Importantly, despite being ahead within the conflict, Opera requires maintaining every security aspect incase the company desires for marketing a product, which assures consumers a secured surfing.

But, it remains for perceiving, the manner in which Opera will react since the vendor hasn't made any official statement hitherto about the latest event.